= Use system libcom_err.

No longer build or install the included libcom_err and compile_et. = ftpd now uses IP_PORTRANGE* in the same fashion as the system ftpd. By default, ftpd will now use high port numbers for serving clients in passive mode. = Fix segmentation fault in kadmin. A null pointer dereference that was only tickled when using kadmin with a kdc that uses LDAP as the backend. = Fix a search filter in hdb-ldap.c. A lookup was failing to fetch operational attributes such as modifiersName. = Bump PORTREVISION for above changes.
author: Jacques Vidrine <nectar@FreeBSD.org> 2000-11-09 23:35:03 +0000
committer: Jacques Vidrine <nectar@FreeBSD.org> 2000-11-09 23:35:03 +0000
commit: 2cf9350a4efdb46b41d8c5899ad6e871ce10b07f (patch)
tree: b532d123acafead4be241321243f33993c59c901 /security/heimdal
parent: Upgrade to courier-imap 1.2.2 (diff)
11 files changed, 197 insertions, 6 deletions
diff --git a/security/heimdal/Makefile b/security/heimdal/Makefile
index 8fbe67c212db..d1ec0b74eac5 100644
--- a/security/heimdal/Makefile
+++ b/security/heimdal/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=		heimdal
 PORTVERSION=		0.3c
-PORTREVISION=		1
+PORTREVISION=		2
 CATEGORIES=		security ipv6
 MASTER_SITES=		ftp://ftp.pdc.kth.se/pub/heimdal/src/ \
 			ftp://ftp.replay.com/pub/replay/crypto/APPS/kerberos/heimdal/ \
@@ -38,6 +38,7 @@ MAN8=			ftpd.8 hprop.8 hpropd.8 kadmind.8 kdc.8 kfd.8 kpasswdd.8 \
 #USE_LIBTOOL=		yes
 
 GNU_CONFIGURE=		yes
+CONFIGURE_TARGET=	--build=${MACHINE_ARCH}--freebsd${OSREL}
 INSTALLS_SHLIB=		yes
 CONFIGURE_ARGS=		--prefix=${PREFIX} --enable-shared
 .if defined(WITH_LDAP)
@@ -69,6 +70,12 @@ CONFIGURE_ARGS+=	--without-krb4
 
 PLIST:=			${WRKDIR}/PLIST
 
+pre-configure:
+	@(set -e; \
+	cd ${CONFIGURE_WRKSRC}; \
+	find . -type f -name 'Makefile.in' -print | xargs perl -i -pe \
+	's,\$$\(top_builddir\)/lib/com_err/compile_et,compile_et,';)
+
 pre-install:
 	@${CP} ${PKGDIR}/pkg-plist ${PLIST}
 .if exists(/usr/lib/libkrb.a) && !defined(WITHOUT_KRB4)
diff --git a/security/heimdal/files/patch-cj b/security/heimdal/files/patch-cj
new file mode 100644
index 000000000000..1fe503ab37f4
--- /dev/null
+++ b/security/heimdal/files/patch-cj
@@ -0,0 +1,36 @@
+--- appl/ftp/ftpd/ftpd.c.orig	Thu Aug 31 01:08:49 2000
++++ appl/ftp/ftpd/ftpd.c	Fri Nov  3 12:01:17 2000
+@@ -68,6 +68,7 @@
+ int	debug = 0;
+ int	ftpd_timeout = 900;    /* timeout after 15 minutes of inactivity */
+ int	maxtimeout = 7200;/* don't allow idle time to be set beyond 2 hours */
++int	restricted_data_ports = 1;
+ int	logging;
+ int	guest;
+ int	dochroot;
+@@ -215,6 +216,7 @@
+     { NULL, 't', arg_integer, &ftpd_timeout, "initial timeout" },
+     { NULL, 'T', arg_integer, &maxtimeout, "max timeout" },
+     { NULL, 'u', arg_string, &umask_string, "umask for user logins" },
++    { NULL, 'U', arg_negative_flag, &restricted_data_ports, "don't use high data ports" },
+     { NULL, 'd', arg_flag, &debug, "enable debugging" },
+     { NULL, 'v', arg_flag, &debug, "enable debugging" },
+     { "builtin-ls", 'B', arg_flag, &use_builtin_ls, "use built-in ls to list files" },
+@@ -1942,6 +1944,8 @@
+ 	socket_set_address_and_port (pasv_addr,
+ 				     socket_get_address (ctrl_addr),
+ 				     0);
++	socket_set_portrange(pdata, restricted_data_ports, 
++	    pasv_addr->sa_family); 
+ 	seteuid(0);
+ 	if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) {
+ 		seteuid(pw->pw_uid);
+@@ -1984,6 +1988,8 @@
+ 	socket_set_address_and_port (pasv_addr,
+ 				     socket_get_address (ctrl_addr),
+ 				     0);
++	socket_set_portrange(pdata, restricted_data_ports, 
++	    pasv_addr->sa_family); 
+ 	seteuid(0);
+ 	if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) {
+ 		seteuid(pw->pw_uid);
diff --git a/security/heimdal/files/patch-ck b/security/heimdal/files/patch-ck
new file mode 100644
index 000000000000..87afecea5c03
--- /dev/null
+++ b/security/heimdal/files/patch-ck
@@ -0,0 +1,25 @@
+--- appl/ftp/ftpd/ftpd.8.orig	Tue Feb 16 14:14:08 1999
++++ appl/ftp/ftpd/ftpd.8	Fri Nov  3 12:07:47 2000
+@@ -43,7 +43,7 @@
+ .Sh SYNOPSIS
+ .Nm ftpd
+ .Op Fl a Ar authmode
+-.Op Fl dilv
++.Op Fl dilvU
+ .Op Fl g Ar umask
+ .Op Fl p Ar port 
+ .Op Fl T Ar maxtimeout
+@@ -127,6 +127,13 @@
+ seconds (the default is 15 minutes).
+ .It Fl u
+ Set the initial umask to something else than the default 027.
++.It Fl U
++In previous versions of
++.Nm ftpd ,
++when a passive mode client requested a data connection to the server, the 
++server would use data ports in the range 1024..4999.  Now, by default, the 
++server will use data ports in the range 49152..65535.  Specifying this option
++will revert to the old behavior.  
+ .It Fl v
+ Verbose mode.
+ .El
diff --git a/security/heimdal/files/patch-cl b/security/heimdal/files/patch-cl
new file mode 100644
index 000000000000..87e7d1b21bfe
--- /dev/null
+++ b/security/heimdal/files/patch-cl
@@ -0,0 +1,34 @@
+--- lib/roken/socket.c.orig	Wed Jul 26 23:41:06 2000
++++ lib/roken/socket.c	Fri Nov  3 11:56:34 2000
+@@ -222,6 +222,31 @@
+ }
+ 
+ /*
++ * Set the range of ports to use when binding with port = 0.
++ */
++void
++socket_set_portrange (int sock, int restrict, int af)
++{
++#if defined(IP_PORTRANGE)
++	if (af == AF_INET) {
++		int on = restrict ? IP_PORTRANGE_HIGH : IP_PORTRANGE_DEFAULT;
++		if (setsockopt (sock, IPPROTO_IP, IP_PORTRANGE, &on,
++		    sizeof(on)) < 0)
++			warn ("setsockopt IP_PORTRANGE (ignored)");
++	}
++#endif
++#if defined(IPV6_PORTRANGE)
++	if (af == AF_INET6) {
++		int on = restrict ? IPV6_PORTRANGE_HIGH : 
++		    IPV6_PORTRANGE_DEFAULT;
++		if (setsockopt (sock, IPPROTO_IPV6, IPV6_PORTRANGE, &on,
++		    sizeof(on)) < 0)
++			warn ("setsockopt IPV6_PORTRANGE (ignored)");
++	}
++#endif
++}
++	
++/*
+  * Enable debug on `sock'.
+  */
+ 
diff --git a/security/heimdal/files/patch-cm b/security/heimdal/files/patch-cm
new file mode 100644
index 000000000000..dc0a4bc28ef3
--- /dev/null
+++ b/security/heimdal/files/patch-cm
@@ -0,0 +1,12 @@
+--- lib/roken/roken-common.h.orig	Fri Nov  3 11:31:42 2000
++++ lib/roken/roken-common.h	Fri Nov  3 11:57:01 2000
+@@ -276,6 +276,9 @@
+ socket_set_port (struct sockaddr *sa, int port);
+ 
+ void
++socket_set_portrange (int sock, int restrict, int af);
++
++void
+ socket_set_debug (int sock);
+ 
+ void
diff --git a/security/heimdal/files/patch-cn b/security/heimdal/files/patch-cn
new file mode 100644
index 000000000000..7db2073a2bc1
--- /dev/null
+++ b/security/heimdal/files/patch-cn
@@ -0,0 +1,20 @@
+--- lib/Makefile.in.orig	Wed Nov  8 10:21:25 2000
++++ lib/Makefile.in	Wed Nov  8 10:21:34 2000
+@@ -194,7 +194,7 @@
+ @OTP_TRUE@dir_otp = @OTP_TRUE@otp
+ @DCE_TRUE@dir_dce = @DCE_TRUE@kdfs
+ 
+-SUBDIRS = @DIR_roken@ vers editline com_err sl asn1 des krb5 \
++SUBDIRS = @DIR_roken@ vers editline sl asn1 des krb5 \
+ 	kafs hdb kadm5 gssapi auth $(dir_45) $(dir_otp) $(dir_dce)
+ 
+ subdir = lib
+@@ -214,7 +214,7 @@
+ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ 
+ GZIP_ENV = --best
+-DIST_SUBDIRS =  @DIR_roken@ vers editline com_err sl asn1 des krb5 kafs \
++DIST_SUBDIRS =  @DIR_roken@ vers editline sl asn1 des krb5 kafs \
+ hdb kadm5 gssapi auth 45 otp kdfs
+ all: all-redirect
+ .SUFFIXES:
diff --git a/security/heimdal/files/patch-co b/security/heimdal/files/patch-co
new file mode 100644
index 000000000000..4395d43ec21e
--- /dev/null
+++ b/security/heimdal/files/patch-co
@@ -0,0 +1,11 @@
+--- include/Makefile.in.orig	Wed Nov  8 10:21:59 2000
++++ include/Makefile.in	Wed Nov  8 10:22:07 2000
+@@ -199,8 +199,6 @@
+ 	asn1.h		\
+ 	asn1_err.h	\
+ 	base64.h	\
+-	com_err.h	\
+-	com_right.h	\
+ 	der.h		\
+ 	des.h		\
+ 	editline.h	\
diff --git a/security/heimdal/files/patch-cp b/security/heimdal/files/patch-cp
new file mode 100644
index 000000000000..7c064faa7066
--- /dev/null
+++ b/security/heimdal/files/patch-cp
@@ -0,0 +1,24 @@
+--- lib/asn1/Makefile.in.orig	Wed Nov  8 10:31:04 2000
++++ lib/asn1/Makefile.in	Wed Nov  8 10:31:52 2000
+@@ -279,7 +279,6 @@
+ 
+ check_der_LDADD = \
+ 	libasn1.la \
+-	../com_err/libcom_err.la \
+ 	$(LIB_roken)
+ 
+ 
+@@ -339,11 +338,11 @@
+ asn1_compile_LDFLAGS = 
+ asn1_print_SOURCES = asn1_print.c
+ asn1_print_OBJECTS =  asn1_print.$(OBJEXT)
+-asn1_print_DEPENDENCIES =  libasn1.la ../com_err/libcom_err.la
++asn1_print_DEPENDENCIES =  libasn1.la 
+ asn1_print_LDFLAGS = 
+ check_der_SOURCES = check-der.c
+ check_der_OBJECTS =  check-der.$(OBJEXT)
+-check_der_DEPENDENCIES =  libasn1.la ../com_err/libcom_err.la
++check_der_DEPENDENCIES =  libasn1.la 
+ check_der_LDFLAGS = 
+ COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+ LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
diff --git a/security/heimdal/files/patch-cq b/security/heimdal/files/patch-cq
new file mode 100644
index 000000000000..4c27bdc13cb3
--- /dev/null
+++ b/security/heimdal/files/patch-cq
@@ -0,0 +1,14 @@
+--- kadmin/get.c.orig	Wed Nov  8 12:28:57 2000
++++ kadmin/get.c	Wed Nov  8 12:44:44 2000
+@@ -150,7 +150,10 @@
+     printf("%24s: %d\n", "Failed login count", princ->fail_auth_count);
+     time_t2str(princ->mod_date, buf, sizeof(buf), 1);
+     printf("%24s: %s\n", "Last modified", buf);
+-    krb5_unparse_name_fixed(context, princ->mod_name, buf, sizeof(buf));
++    if (princ->mod_name)
++	    krb5_unparse_name_fixed(context, princ->mod_name, buf, sizeof(buf));
++    else
++	    strcpy(buf, "<none>");
+     printf("%24s: %s\n", "Modifier", buf);
+     attributes2str (princ->attributes, buf, sizeof(buf));
+     printf("%24s: %s\n", "Attributes", buf);
diff --git a/security/heimdal/files/patch-cr b/security/heimdal/files/patch-cr
new file mode 100644
index 000000000000..4568237f3a60
--- /dev/null
+++ b/security/heimdal/files/patch-cr
@@ -0,0 +1,13 @@
+--- lib/hdb/hdb-ldap.c.orig	Wed Nov  8 14:42:11 2000
++++ lib/hdb/hdb-ldap.c	Wed Nov  8 15:39:50 2000
+@@ -583,8 +583,8 @@
+     rc = 1;
+     (void) ldap_set_option((LDAP *) db->db, LDAP_OPT_SIZELIMIT, (void *) &rc);
+ 
+-    rc = ldap_search_s((LDAP *) db->db, db->name,
+-		       LDAP_SCOPE_ONELEVEL, filter, NULL, 0, msg);
++    rc = ldap_search_s((LDAP *) db->db, db->name, LDAP_SCOPE_ONELEVEL, filter,
++	krb5kdcentry_attrs, 0, msg);
+     if (rc != LDAP_SUCCESS) {
+ 	ret = HDB_ERR_NOENTRY;
+ 	goto out;
diff --git a/security/heimdal/pkg-plist b/security/heimdal/pkg-plist
index d91b4e771406..40061ff31877 100644
--- a/security/heimdal/pkg-plist
+++ b/security/heimdal/pkg-plist
@@ -21,8 +21,6 @@ bin/verify_krb5_conf
 include/asn1.h
 include/asn1_err.h
 include/base64.h
-include/com_err.h
-include/com_right.h
 include/der.h
 include/des.h
 include/editline.h
@@ -66,9 +64,6 @@ info/heimdal.info
 lib/libasn1.a
 lib/libasn1.so
 lib/libasn1.so.3
-lib/libcom_err.a
-lib/libcom_err.so
-lib/libcom_err.so.1
 lib/libdes.a
 lib/libdes.so
 lib/libdes.so.2
author	Jacques Vidrine <nectar@FreeBSD.org>	2000-11-09 23:35:03 +0000
committer	Jacques Vidrine <nectar@FreeBSD.org>	2000-11-09 23:35:03 +0000
commit	2cf9350a4efdb46b41d8c5899ad6e871ce10b07f (patch)
tree	b532d123acafead4be241321243f33993c59c901 /security/heimdal
parent	Upgrade to courier-imap 1.2.2 (diff)